USN-7042-3 cups-browsed vulnerability

USN-7042-2 released an improved fix for cups-browsed. This update provides the corresponding update for Ubuntu 24.10. Original advisory details: Simone Margaritelli discovered that cups-browsed could be used to create arbitrary printers from outside the local network. In combination with issues i...

UBUNTU-CVE-2024-47176

CUPS is a standards-based, open-source printing system, and cups-browsed contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. cups-browsed binds to INADDRANY:631, causing it to trust any packet from any source, and can cause t...

cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes

A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server,...

cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes

A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server,...

cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes

A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server,...

USN-7043-1 cups-filters vulnerabilities

Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulat...

USN-7042-1 cups-browsed vulnerability

Simone Margaritelli discovered that cups-browsed could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute...

Xerox Workcentre 5735 LDAP Service Redential Extractor

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xerox Workcentre 5735 LDAP Service Redential Extractor', 'Description' = %q This module extract the printer's LDAP username and password from Xer...

Vulnerability found in Xerox printers

A researcher has found a vulnerability in VersaLink printers from Xerox. The vulnerability allows an unauthenticated remote malicious party capable of causing a denial-of-service cause. In order to exploit the vulnerability, the attacker must obtain a TIFF document with incomplete image directory...

December 14, 2021—KB5008206 (OS Build 18363.1977)

December 14, 2021—KB5008206 OS Build 18363.1977 EXPIRATION NOTICE As of 9/12/2023, KB5008206 is only available from Windows Update. This update is no longer available from the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security...

December 14, 2021—KB5008255 (Security-only update)

December 14, 2021—KB5008255 Security-only update Summary Learn more about this security update, including improvements and fixes, any known issues, and how to get the update. IMPORTANT Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July...

December 14, 2021—KB5008207 (OS Build 14393.4825) - EXPIRED

December 14, 2021—KB5008207 OS Build 14393.4825 - EXPIRED EXPIRATION NOTICE As of 9/12/2023, KB5008207 is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality update. --- 11/9/202...

December 14, 2021—KB5008285 (Security-only update)

December 14, 2021—KB5008285 Security-only update Summary Learn more about this security update, including improvements and fixes, any known issues, and how to get the update. IMPORTANT Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended suppor...

December 14, 2021—KB5008282 (Security-only update)

December 14, 2021—KB5008282 Security-only update Summary Learn more about this security update, including improvements and fixes, any known issues, and how to get the update. IMPORTANT Windows 7, Windows Server 2008 R2, Windows Embedded Standard 7, and Windows Embedded POS Ready 7 have reached th...

December 14, 2021—KB5008277 (Monthly Rollup)

December 14, 2021—KB5008277 Monthly Rollup Summary Learn more about this security update, including improvements and fixes, any known issues, and how to get the update. IMPORTANT Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020,...

November 22, 2021—KB5007266 (OS Build 17763.2330) Preview

November 22, 2021—KB5007266 OS Build 17763.2330 Preview 11/9/21 IMPORTANT Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a preview release known as a “C” release for the month of December 2021. There will be a monthly security release known as ...

November 9, 2021—KB5007192 (OS Build 14393.4770) - EXPIRED

November 9, 2021—KB5007192 OS Build 14393.4770 - EXPIRED EXPIRATION NOTICE As of 9/12/2023, KB5007192 is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality update. --- NEW...

CVE-2021-34481

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or...

CVE-2015-5583

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to bypass intended sandbox restrictions and obtain sensitive PD...

CVE-2015-2265

The removebadchars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the 1 model or 2 PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707...